Is there any general sense of the techniques being used in these cracks? Just from a defensive coding perspective, I'd like to know if there are programming errors, weak links in frameworks, or what.
If you read MongoHQ's extremely detailed report[0], you'll see that the original intrusion was based on shared credentials (that were cracked on another system). This was then exploited in a number of ways to compromise various clients of MongoHQ.
Lots more discussion over at [1].
The main takeaway is to take security seriously, and employ multiple levels of security. The MongoHQ team are doing things like 2-factor auth, and restricting customer service tools to a VPN. As far as I can see, no framework or coding bugs.